Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning everybody. How you doing today on this episode of the show, I want to talk to you about how cyber criminals use Cryptocurrency in order to make money. And this was prompted by a decent report that came out from a company called chain analysis. And they specialize in um analyzing uh Blockchain and Cryptocurrency transactions to help law enforcement investors and a whole bunch of other interested parties um really wrap their heads around what's going on in uh public cryptocurrencies.
Now, their report focused on how um cybercriminals and the dark net leverage um cryptocurrencies and they had some really interesting um facts. Now, I would have like to see a little bit more about their um methodology to understand how they were accomplishing these things.
But one of the things they were looking at was the largest exchange breaches as well as where that money went. And that was what really was interesting to me is that they analyzed how cyber criminals then um liquidated those assets because the number one challenge when it comes to Cryptocurrency from a sort of scale issue around security is the exchanges themselves.
So there's been some pretty famous um exchange breaches. And we've talked about it in season one last year on this show as well because at the end of the day, Cryptocurrency is really just a file that's sitting on your computer and we've seen a number of exchanges.
So exchanges help you deposit money and then take it out in another um currency for or to aid in a um help uh authorize transactions, things like this. Um But this is just all data sitting on somebody's computer. Now, there was rumors of here in Canada last week that one of the major Canadian exchanges or a large Canadian exchange couldn't access millions of dollars of assets because the founder passed away.
Now, there was a report that came out that disputed that um based on looking at their previous transactions. So it's just a reminder that these are just digital files that need to be protected and thus can be hacked as well. And that was part of this point from chain analysis.
Now, interestingly enough, um the data from Trend Micro uh over 2017 especially in the end of 2017, we saw a massive spike and it continued throughout 2018 that cyber criminals are trying a crime or a scam called uh crypto Jacking. And essentially what this is is that they are going to try to um take over your system or your web browser in order to mine Cryptocurrency.
So the way Cryptocurrency works is essentially your computer needs to guess a whole bunch of numbers to find a valid one on the chain in order to create new currency. So instead of just, you know, being able to buy and sell what you absolutely can do.
If you want to generate new currency in the economy, you need to mine it. Which is why there was this run on GP US for the last couple of years. But interestingly enough that's really expensive to mine for Cryptocurrency. In fact, for Bitcoin, it's currently not worth it to mine.
Bitcoin is trading less of the average value of finding a Bitcoin through mining and Ethereum is not that far off. Um So there's these challenges around Cryptocurrency and how to continue to make here. Well, cybercriminals have figured out that it doesn't cost them anything to use your resources to mine Cryptocurrency and that's exactly what's happening.
Um Now I thought that was a little interesting because that was missing from the chain analysis report. They had a fantastic thing looking at the analysis of hacks into major exchanges. Um The breakdown of how cybercriminals liquidate and turn those assets into something they can use was really good, but they missed that one area of the fact that criminals are basically mining legitimate big quotes around legitimate crypto coin by leveraging other people's resources.
Now, that's a really difficult thing to track because you need to figure out what wallets are being used as part of this malware scheme. But that's another way that Cryptocurrency is being leveraged by cyber criminals because at the end of the day, they're trying to make money.
And if this is an automated way that they can make money, then they're absolutely going to take advantage of that. Now, on the defense side and the, the research side and the law enforcement side, it's really interesting because all these transactions are public. Um and they're all in a very, you know, computer accessible form, which means uh organizations and research teams like the one at chain analysis can do this type of breakdown saying like, hey, we saw this one exchange breach and here's where all those funds went.
Um And yet they can't do that final step, which is why they work with law enforcement and why law enforcement is required of once that um money or that value leaves the system. But it was a really, really interesting work. But I think, you know, for most people out there the day to day is to ensure that your endpoint are um far more secure uh or secure, you're running good endpoint security tools to ensure that your machines aren't being used to mine Cryptocurrency.
And then on the flip side, if you are active in the Cryptocurrency community, make sure that you're using an exchange that has a really high internal security standards. So they are um securing their back end of systems um strongly, they're actively monitoring all their security controls, they're actively backing things up.
So you avoid this potential issue where somebody has the passwords and they pass, um, if that was in fact the case, um, and you avoid this issue of a hacker simply stealing a bunch of files and all of a sudden they've got millions of dollars interesting world.
Um, I think, you know, Cryptocurrency is still shaking out as seen by the fluctuations with Bitcoin, but there's abs uh absolutely value in the back end ideas um in the technology. Um There's just a lot of stuff we need to learn and this is part of it.
Um I'll link to all the stuff I've been talking about um down below. Um as always uh interested in what your thoughts are on the subject. Hit me up online at Mark NC A for those of you on the vlogs in the comments down below.
And as always for podcast listeners and everybody else by email me at Mark N dot C A. Have yourselves a wonderful day and we'll see you on the next show.